CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2006/01/10 12:0 a.m.•29 views

secunia-ADOdb.txt

UbuntuCve•added 2006/01/09 11:3 p.m.•33 views

CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including 1 Mantis, 2 PostNuke, 3 Moodle, 4 Cacti, 5 Xaraya, 6 PhpOpenChat, possibly 7 MAXdev MD-Pro, and 8 Simplog, allows remote attackers to execute arbitrary PHP...

7.5CVSS6.2AI score0.12773EPSS

Exploits1References1

Prion•added 2006/01/09 11:3 p.m.•26 views

Design/Logic Flaw

7.5CVSS7.7AI score0.12773EPSS

Exploits1References30Affected Software5

Cvelist•added 2006/01/09 11:0 p.m.•29 views

CVE-2006-0147

7.3AI score0.12773EPSS

Exploits1References30

Positive Technologies•added 2006/01/09 12:0 a.m.•2 views

PT-2006-1226 · Adodb +9 · Adodb +9

Name of the Vulnerable Software and Affected Versions: ADODB versions prior to 4.70 Mantis versions prior to 1.1.0a PostNuke versions prior to 0.764 Moodle versions prior to 1.5.3 Cacti versions prior to 0.8.6i Xaraya versions prior to 0.98 PHPOpenChat versions prior to 1.0.6 MAXdev MD-Pro versio...

7.5CVSS7.8AI score0.12941EPSS

Exploits1References45

Packet Storm•added 2005/12/14 12:0 a.m.•28 views

envo.txt

Description: eNvolution is a fork of PostNuke. The entire core of the product is being replaced and improved, making it far more secure and stable, and able to work in high-volume environments with ease. vendor: http://www.envolution.com Vulnerability: SQL injection AND XSS sploit...

Packet Storm•added 2005/09/26 12:0 a.m.•38 views

GeSHi.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GeSHi Local PHP file inclusion 1.0.7.2 Author: Maksymilian Arciemowicz cXIb8O3 .17 Date: 21.9.2005 from SECURITYREASON.COM - --- 0.Description --- GeSHi started as a mod for the phpBB forum system, to enable highlighting of more languages than the...

securityvulns•added 2005/09/26 12:0 a.m.•24 views

[Full-disclosure] GeSHi Local PHP file inclusion 1.0.7.2

7AI score

Tenable Nessus•added 2005/08/30 12:0 a.m.•25 views

PostNuke <= 0.760 RC4b Multiple Vulnerabilities

The remote host appears to be running PostNuke version 0.760 RC4b or older. These versions suffer from several vulnerabilities : - Multiple Cross-Site Scripting Vulnerabilities An attacker can inject arbitrary HTML and script code into the browser of users by manipulating input to the 'moderate'...

7.5CVSS6.3AI score0.01434EPSS

Exploits2References4

Cvelist•added 2005/08/24 4:0 a.m.•19 views

CVE-2005-2690

SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php...

8.2AI score0.00982EPSS

Cvelist•added 2005/08/24 4:0 a.m.•20 views

CVE-2005-2689

Multiple cross-site scripting XSS vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via 1 the moderate parameter to the Comments module or 2 htmltext parameter to html/user.php...

5.8AI score0.01434EPSS

CVE•added 2005/08/24 4:0 a.m.•56 views

CVE-2005-2690

CVE-2005-2690 : PostNuke 0.760-RC4b is affected in the Downloads module. The vulnerability is a SQL injection in the dl-viewdownload.php script triggered via the show parameter, allowing an attacker to modify or execute SQL commands. Some sources indicate exploitation requires admin rights and co...

7.5CVSS8.2AI score0.00982EPSS

Exploits1References2Affected Software1

CVE•added 2005/08/24 4:0 a.m.•55 views

CVE-2005-2689

CVE-2005-2689 covers multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b (and older). The issues allow remote attackers to inject arbitrary HTML/JavaScript via (1) the moderate parameter to the Comments module, and (2) htmltext parameter to html/user.php. The NVD record lis...

2.6CVSS5.8AI score0.01434EPSS

Exploits1References2Affected Software1

NVD•added 2005/08/24 4:0 a.m.•16 views

CVE-2005-2689

2.6CVSS5.8AI score0.01434EPSS

NVD•added 2005/08/24 4:0 a.m.•15 views

CVE-2005-2690

SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php...

7.5CVSS8.2AI score0.00982EPSS

Packet Storm•added 2005/08/24 12:0 a.m.•41 views

postnukeAgain.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple vulnerabilities in PostNuke 0.760-RC4b=x cXIb8O3.15 Author: Maksymilian Arciemowicz cXIb8O3 Date: 12.6.2005 from SECURITYREASON.COM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 PostNuke is an open source, open developement...

securityvulns•added 2005/08/23 12:0 a.m.•35 views

[SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=>x cXIb8O3.15

exploitpack•added 2005/08/22 12:0 a.m.•9 views

PostNuke 0.76 RC4b Comments Module - moderate Cross-Site Scripting

PostNuke 0.76 RC4b Comments Module - moderate Cross-Site Scripting source: https://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. This can lead ...

6.8AI score

exploitpack•added 2005/08/22 12:0 a.m.•11 views

PostNuke 0.76 RC4b - user.php?htmltext Cross-Site Scripting

PostNuke 0.76 RC4b - user.php?htmltext Cross-Site Scripting source: https://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. This can lead to thef...

6.8AI score